Tuesday, April 26, 2011

Sony has entered the seventh day of its PlayStation Network outage, and the situation has turned from bad to worse. Offering an update on the "external intrusion" that gave the Japanese electronics company cause to brings its online service for the PlayStation 3 and PSP offline, Sony has confirmed that personal information has been compromised.

"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network," a Sony spokesperson confirmed on the company's official blog.

As for what that means to PSN and Qriocity users, Sony said that "an unauthorized person" has gained access to such identifying information as registrants "name, address (city, state, zip), country, e-mail address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Sony recently told a group of investors that the PSN currently has some 75 million registered users.

According to the publisher, it is also possible that the intruder may have gleaned certain profile data, including "purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers."

Sony also confirmed speculation that credit card data may have been compromisedas part of the attack. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," the Sony spokesperson said. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Sony is taking a three-pronged approach to addressing the situation. The first, as many gamers have noticed, has been to indefinitely bring down the PSN and Qriocity media service. Sony said that it has also "engaged an outside, recognized security firm to conduct a full and complete investigation into what happened." Finally, the publisher said that it is currently taking steps to "enhance security and strengthen our network infrastructure by rebuilding our system."

Sony noted that US PSN and Qriocity users can contact credit-monitoring agenciesExperian, Equifax, and TransUnion for a free "fraud alert" that ensures credit agencies will take extra precautionary measures toward identity verification. The publisher notes that this fraud alert may impede the expediency of legitimate credit requests.

Luckily there appears to be a light at the end of the tunnel, with Sony saying, "We have a clear path to have PlayStation Network and Qriocity systems back online and expect to restore some services within a week."

[UPDATE] Meanwhile, the PSN outage is beginning to draw attention from the highest levels of the US government. In a letter to Sony Computer Entertainment America president and CEO Jack Tretton, US Senator Richard Blumenthal (D-CT) has called on Sony to offer full disclosure to PSN users if their information was compromised and to offer two years of free access to credit reporting services to check if their credit was adversely affected. "Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft," Blumenthal said.